CCNA Security Lab 19 - Cisco IOS Intrusion Prevention System - SDM 

Lab 19 


Cisco IOS Intrusion Prevention System 
Lab Objective: 

The objective of this lab exercise is for you to learn and understand how to use 
Cisco SDM to configure the Cisco IOS Intrusion Prevention System. 

Lab Purpose: 

Cisco IOS IPS lets you monitor for and prevent intrusions by comparing traffic 
against signatures of known threats and blocking the traffic when a threat is 
detected. 

Lab Difficulty: 

This lab has a difficulty rating of 7/10. 

Readiness Assessment: 

When you are ready for your certification exam, you should complete this lab in 
no more than 15 minutes. 

Lab Topology: 

Please use the following topology to complete this lab exercise: 

[Topology diagram not reproduced in this extraction; the only address label that survived is 172.16.1.254/24 on the R1 LAN. The addresses used in the solutions are R1 FastEthernet0/0 172.16.1.1/24, R1 Serial0/0 10.1.1.1/30 and R2 Serial0/0 10.1.1.2/30.] 

Lab 19 Configuration Tasks 
Task 1: 

Configure the hostnames and IP addresses on R1 and R2 as illustrated in the 
network diagram. Configure R2 to send R1 clocking information at a rate of 
768Kbps. In addition, configure a static default route on R2 via its Serial0/0 
interface. Ping between R1 and R2 to verify your configuration and ensure that 
the two routers have IP connectivity. 

Task 2: 

Configure Host 1 with the IP address illustrated in the diagram and a default 
gateway pointing to R1. Verify that Host 1 can ping R1 and R2. 

Task 3: 

Configure a username of sdmadmin with a privilege level of 15 and a password of 
security on R1. In addition to this, enable HTTPS and SSH on R1 using the 
domain name howtonetwork.net. 
password pair configured on the router. 

Task 4: 

Using SDM (from Host 1), configure Cisco IOS IPS on R1 using the following parameters: 

Use FastEthernet0/0 as the inbound interface 
Use Serial0/0 as the outbound interface 
Use an SDF located on your PC/workstation/router (the file will have a .SDF extension) 
Configure a Public Key of your choice, using security as the password 
Store IPS files on the router Flash memory 
Use a Basic signature category 

Lab 19 Configuration and Verification 
Task 1: 

Router(config)#hostname R1 
R1(config)#int f0/0 
R1(config-if)#ip address 172.16.1.1 255.255.255.0 
R1(config-if)#no shutdown 
R1(config-if)#exit 
R1(config)#int s0/0 
R1(config-if)#ip address 10.1.1.1 255.255.255.252 
R1(config-if)#no shut 
R1(config-if)#exit 
R1(config)#exit 
R1# 

Router(config)#hostname R2 
R2(config)#int s0/0 
R2(config-if)#ip address 10.1.1.2 255.255.255.252 
R2(config-if)#clock rate 768000 
R2(config-if)#no shut 
R2(config-if)#exit 
R2(config)#ip route 0.0.0.0 0.0.0.0 se0/0 
R2(config)#exit 
R2# 

R2#ping 10.1.1.1 

Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: 
!!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/9 ms 

Task 2: 



Task 3: 

R1(config)#username sdmadmin privilege 15 secret security 
R1(config)#ip domain-name howtonetwork.net 
R1(config)#crypto key generate rsa 
The name for the keys will be: R1.howtonetwork.net 
Choose the size of the key modulus in the range of 360 to 2048 for your 
  General Purpose Keys. Choosing a key modulus greater than 512 may take 
  a few minutes. 

How many bits in the modulus [512]: 
% Generating 512 bit RSA keys, keys will be non-exportable...[OK] 

R1(config)#ip http secure-server 
R1(config)#ip http authentication local 
R1(config)#exit 
R1# 


Task 4: 

For a reference on how to initialize and access SDM, please refer to the solutions in Lab 17. 

From the Intrusion Prevention System screen, click on the Launch IPS Rule Wizard button: 


[Screenshot: the SDM Intrusion Prevention System (IPS) page (tabs Create IPS, Edit IPS, Security Dashboard, IPS Migration) with the Launch IPS Rule Wizard button.] 

Click Ok to acknowledge the enabling of SDEE: 

Click Ok to acknowledge the second pop-up window: 
Click on Next to continue on the Welcome to the IPS Policies Wizard window: 

Check the appropriate boxes to configure Fa0/0 as the inbound interface and Se0/0 as the outbound interface and 
click Next to continue: 
Select the location of your desired SDF file and click Ok to continue: 

Click Yes to create the file: 

Click on Next to continue: 

Configure your Public Key and the key string and click Next to continue: 
Specify the router Flash as the configuration location and click on Next to continue: 
Click on the Finish radio button to complete your configuration: 

[Screenshot: the IPS Policies Wizard summary page, listing the selected interfaces, the public key named IPSKEY, the configuration location and the signature category, with the Finish button.] 
Click on Ok to complete your Cisco IOS IPS configuration: 
Once complete, you will be taken to the Intrusion Prevention System page. From the Edit IPS tab you can click on 
Signatures to view the IPS signatures: 

Lab 19 Configurations 
R1 Configuration 

R1#show run 
Building configuration... 

Current configuration : 2792 bytes 
! 
version 12.4 
service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 
hostname R1 
! 
boot-start-marker 
boot-end-marker 
! 
no logging console 
! 
no aaa new-model 
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef 
! 
! 
! 
! 
ip ips config location flash:/ retries 1 
ip ips notify SDEE 
ip ips name sdm_ips_rule 
! 
ip ips signature-category 
 category all 
  retired true 
 category ios_ips basic 
  retired false 
! 
! 

! 

multilink bundle-name authenticated 
! 

! 

crypto pki trustpoint TP-self-signed-533650306 
enrollment selfsigned 

subject-name cn=IOS-Self-Signed-Certificate-533650306 
revocation-check none 
rsakeypair TP-self-signed-533650306 
! 

! 

crypto pki certificate chain TP-self-signed-533650306 
certificate self-signed 02 

30820238 308201A1 A0030201 02020102 300D0609 2A864886 F70D0101 04050030 
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 
69666963 6174652D 35333336 35303330 36301E17 0D303230 33303130 31313834 

305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3533 33363530 
33303630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 
A10043E2 FB10C1D1 BA18F3AD 554F081C ACA14F4C EA48E0C1 4739653D B7759EE7 
8EB29881 7F391723 E2BB7EC6 54EB6F25 B4E94520 DF8DA15C 3B9E6F7C 3AA57549 
80AB643F A9427071 965DD56A 2D3E60CE 775F2ED5 C9014FCD F313F3EB B5189F62 
09F461BC 32E3E78F F93C8B07 0740DDA8 7B880D1B A3185787 CE621B35 3511A9D5 
02030100 01A36230 60300F06 03551D13 0101FF04 05300301 01FF300D 0603551D 
11040630 04820252 31301F06 03551D23 04183016 8014CD63 D2C471B7 ABA4ACF9 
C2B6020D 4A895471 C7F9301D 0603551D 0E041604 14CD63D2 C471B7AB A4ACF9C2 
B6020D4A 895471C7 F9300D06 092A8648 86F70D01 01040500 03818100 506DD62A 
3B2BD8F7 9A48B649 FFA06BDF C0799E33 C6396BD8 EAB01D87 2E13E0B7 BF85BF1A 
0D35DBB7 0B8B52FF 2C7CA886 06677477 A0C1AEB0 EAB1E964 0E5BA4B0 C8B91456 
1BFA09D0 DDFC8D9A AF2BF871 BAF62DB0 066D082C 9EC9D36E 422F97D3 35CE049E 
01EECDB0 0FCF64E1 AE95ACD6 FADE74B8 950F7F41 09509770 CEEF7F30 
quit 

! 

! 
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archive 
log config 
hidekeys 

! 

! 

! 

crypto key pubkey-chain rsa 
named-key IPSKEY 
key-string 
quit 

! 

! 

! 

! 

! 

interface FastEthernet0/0 
 ip address 172.16.1.1 255.255.255.0 
 ip ips sdm_ips_rule in 
 ip virtual-reassembly 
 duplex auto 
 speed auto 
! 
interface Serial0/0 
 ip address 10.1.1.1 255.255.255.252 
 ip ips sdm_ips_rule out 
 ip virtual-reassembly 
! 
ip forward-protocol nd 
! 
! 
ip http server 
ip http authentication local 
ip http secure-server 
! 
! 
! 
! 
! 
control-plane 
! 
! 
! 
line con 0 
line aux 0 
line vty 0 4 
 privilege level 15 
 password cisco 
 login 
! 
! 
end 
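As an added verification example (not part of this lab and not Cisco SDM or IOS output), the following Python script parses the IPS- and HTTP-related lines of the R1 running configuration above and checks them against what Task 3 and Task 4 asked for: the rule applied inbound on FastEthernet0/0 and outbound on Serial0/0, SDEE notification on, the configuration location in flash, "category all" retired while "ios_ips basic" is active, the IPSKEY public key actually carrying key material, and HTTPS with local authentication enabled. The configuration text embedded in the script is a constructed, trimmed copy of the R1 show run; the interface names and location in EXPECTED are the lab's own parameters; the parser, the IpsAudit structure and the finding messages are the author's own and are not an IOS or SDM feature. 

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the IPS- and HTTP-relevant lines of the lab's R1 "show run", trimmed.
SAMPLE_CONFIG = """\
ip ips config location flash:/ retries 1
ip ips notify SDEE
ip ips name sdm_ips_rule
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
crypto key pubkey-chain rsa
 named-key IPSKEY
  key-string
  quit
!
interface FastEthernet0/0
 ip ips sdm_ips_rule in
interface Serial0/0
 ip ips sdm_ips_rule out
ip http server
ip http authentication local
ip http secure-server
"""

# Lab parameters (Task 4) that the running configuration is checked against.
EXPECTED = {"rule_in": "FastEthernet0/0", "rule_out": "Serial0/0", "location": "flash:/"}


@dataclass
class IpsAudit:
    rule_name: str = None
    config_location: str = None
    sdee_enabled: bool = False
    categories: dict = field(default_factory=dict)  # category -> retired (True/False)
    bindings: dict = field(default_factory=dict)    # interface -> {"in"/"out": rule name}
    pubkeys: dict = field(default_factory=dict)     # named-key -> has hex key material
    http: set = field(default_factory=set)          # enabled "ip http ..." options
    findings: list = field(default_factory=list)


def parse_ios_ips(config: str) -> IpsAudit:
    # Walk an IOS config; a line's indentation says which block it belongs to.
    a, section, current = IpsAudit(), None, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            section = current = None  # "!" or a blank line closes any block
        elif not raw[0].isspace():  # top-level command
            section = current = None
            if m := re.fullmatch(r"ip ips name (\S+)(?: list \S+)?", text):
                a.rule_name = m.group(1)
            elif m := re.fullmatch(r"ip ips config location (\S+)(?: retries \d+)?", text):
                a.config_location = m.group(1)
            elif text == "ip ips notify SDEE":
                a.sdee_enabled = True
            elif text == "ip ips signature-category":
                section = "sigcat"
            elif text == "crypto key pubkey-chain rsa":
                section = "pubkey"
            elif m := re.fullmatch(r"interface (\S+)", text):
                section, current = "interface", m.group(1)
            elif m := re.fullmatch(r"(no )?ip http (server|secure-server|authentication local)", text):
                if not m.group(1):  # ignore "no ip http ..." lines
                    a.http.add(m.group(2))
        elif section == "sigcat":
            if m := re.fullmatch(r"category (.+)", text):
                current = m.group(1)
            elif current and (m := re.fullmatch(r"retired (true|false)", text)):
                a.categories[current] = m.group(1) == "true"
        elif section == "pubkey":
            if m := re.fullmatch(r"named-key (\S+)", text):
                current = m.group(1)
                a.pubkeys[current] = False  # flipped to True once a hex line follows key-string
            elif current and re.fullmatch(r"[0-9A-Fa-f]{8}(?: [0-9A-Fa-f]{2,8})*", text):
                a.pubkeys[current] = True
        elif section == "interface" and (m := re.fullmatch(r"ip ips (\S+) (in|out)", text)):
            a.bindings.setdefault(current, {})[m.group(2)] = m.group(1)
    return a


def audit_r1(config: str, expected=EXPECTED) -> IpsAudit:
    # Parse the config and list every deviation from the lab's intended IPS/HTTPS setup.
    a = parse_ios_ips(config)
    f = a.findings
    for direction, intf in (("in", expected["rule_in"]), ("out", expected["rule_out"])):
        if not a.rule_name or a.bindings.get(intf, {}).get(direction) != a.rule_name:
            f.append(f"IPS rule {a.rule_name} is not applied {direction} on {intf}")
    if not a.sdee_enabled:
        f.append("SDEE notification is off, so SDM receives no IPS alerts")
    if a.config_location != expected["location"]:
        f.append(f"IPS config location is {a.config_location!r}, expected {expected['location']!r}")
    for cat, retired in (("all", True), ("ios_ips basic", False)):
        if a.categories.get(cat) is not retired:
            f.append(f"category '{cat}' should be 'retired {str(retired).lower()}'")
    for name in [k for k, has_key in a.pubkeys.items() if not has_key]:
        f.append(f"public key {name} has an empty key-string, so signature files cannot be verified")
    if not {"secure-server", "authentication local"} <= a.http:
        f.append("HTTPS with local authentication is not fully enabled")
    if "server" in a.http:
        f.append("plaintext 'ip http server' is enabled beside HTTPS, so SDM logins may travel unencrypted")
    return a
```

To use it on a real capture, read the output of show run into a string and pass it to audit_r1(). On the lab's R1 configuration it reports two findings: the key-string under named-key IPSKEY is empty, so the router has nothing to verify the signed SDF against, and the plaintext ip http server is still enabled next to ip http secure-server. Task 4's interface bindings, SDEE, flash location and category selection all check out. 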

R2 Configuration 

R2#show running-config 
Building configuration... 

Current configuration : 818 bytes 
! 
version 12.4 
service timestamps debug datetime msec 
service timestamps log datetime msec 
no service password-encryption 
! 
hostname R2 
! 
boot-start-marker 
boot-end-marker 
! 
no logging console 
! 
no aaa new-model 
no network-clock-participate slot 1 
no network-clock-participate wic 0 
ip cef 
! 
! 
! 
! 
no ip domain lookup 
! 
multilink bundle-name authenticated 
! 
! 
! 
! 
! 
archive 
 log config 
  hidekeys 
! 
! 
! 
! 
! 
! 
! 
interface FastEthernet0/0 
 no ip address 
 shutdown 
 duplex auto 
 speed auto 
! 
interface Serial0/0 
 ip address 10.1.1.2 255.255.255.252 
 clock rate 768000 
! 
ip forward-protocol nd 
ip route 0.0.0.0 0.0.0.0 Serial0/0 
! 
! 
ip http server 
ip http authentication local 
no ip http secure-server 
! 
! 
! 
! 
control-plane 
! 
! 
! 
line con 0 
line aux 0 
line vty 0 4 
 privilege level 15 
 password cisco 
 login 
! 
! 
end 